Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
2
SLTT Cybersecurity Maturity – A Snapshot of 2019
Eugene Kipniss Member Programs Manager, EI-ISAC and MS-ISAC
Nationwide Cybersecurity Review• Annual Self-Assessment
• No Cost• Anonymous
• NIST Framework• Required for some FEMA HSGP grant
recipients• Align use of these funds to gaps
measured by the NCSR year to year• Cybersecurity Roadmap
• Identify Areas for Improvement• Justify Investments
3TLP: WHITEConfidential & Proprietary
Nationwide Cybersecurity Review
4
2019 Participants• 3,135 Total Participant Organizations
• 50 State Governments• 16 State Level Elections Offices• 2,523 Local Governments• 19 Tribal Governments• 6 Territorial Participants
https://www.cisecurity.org/ms-isac/services/ncsr
TLP: WHITEConfidential & Proprietary
https://www.cisecurity.org/ms-isac/services/ncsr
2019 NCSR Results for State, Local, Tribal, and Territorial Governments
5Confidential & Proprietary
2019 NCSR Results for State and Local Elections
6Confidential & Proprietary
2019 NCSR Key Findings
7
• All peer groups of SLTT organizations continued to score below the overall minimum recommended maturity level of five (Implementation in Process).
• Adoption of a security framework has a significant impact on organizational cyber maturity.
• Continuous engagement is a key factor in the cybersecurity maturity of SLTTs.
• The lowest scoring categories measured in the NCSR are related to risk management and supply chain risk management.
Confidential & Proprietary
Highlighted Results by NIST CSF Category
8
• Identify - Supply Chain Risk Management was the area of lowest maturity for State Elections, Local Elections, and State, Local, Tribal, and Territorial Governments
• Identify - Risk Management Strategy was the area of second lowest maturity for State Elections, Local Elections, and State, Local, and Tribal Governments
• Respond – Improvements and Recover – Improvements were the lowest scoring categories within their functions for the State, Local, Tribal, and Territorial Governments
Confidential & Proprietary
Improving Maturity Moving ForwardSome Key Recommendations for the SLTT Community and Partners
9
• General Recommendation: Use the NIST CSF Policy Template Guide to locate template policies for customization and adoption.
• General Recommendation: Services and resources for SLTT organizations should be delivered at no or low-cost with low impact on staffing.
• Identify - Supply Chain Risk Management: Leverage the CIS Election Technology Procurement Guide. The MS-ISAC Metrics Working Group’s new Supply Chain Subcommittee is collecting policy/procedure templates.
• Respond – Improvements and Recover – Improvements: Utilize the MS-ISAC Business Resiliency Working Group’s guide on reviewing lessons learned and turning after-action reporting into improvements to processes.
Confidential & Proprietary
https://www.cisecurity.org/wp-content/uploads/2020/07/NIST-CSF-Policy-Template-Guide-2020-0720-1.pdfhttps://www.cisecurity.org/elections-resources/
2019 Top Reported Security Concerns
10Confidential & Proprietary
Nationwide Cybersecurity ReviewTell all the SLTT about it!
11
• 2019 NCSR Summary Report is coming in Fall 2020• Learn more about our findings and data set regarding SLTT maturity
• 2020 NCSR• Currently Open for Registration• Officially open October 1 through December 31• More participation leads to better data and
recommendations
• Registration & Resources• Located on NCSR Webpage• End-User Guidance• Results & Reporting Templates
Confidential & Proprietary
Thank You
Multi-State Information Sharing & Analysis Center (MS-ISAC)
Email: [email protected]: https://www.cisecurity.org/ms-
isac/services/ncsr
12
mailto:[email protected]://www.cisecurity.org/ms-isac/services/ncsr
Slide Number 1SLTT Cybersecurity Maturity – A Snapshot of 2019Nationwide Cybersecurity ReviewNationwide Cybersecurity Review2019 NCSR Results for State, Local, Tribal, and Territorial Governments2019 NCSR Results for State and Local Elections2019 NCSR Key FindingsHighlighted Results by NIST CSF CategoryImproving Maturity Moving Forward�Some Key Recommendations for the SLTT Community and Partners2019 Top Reported Security ConcernsNationwide Cybersecurity Review�Tell all the SLTT about it!Slide Number 12Slide Number 13